from the not-so-transparent dept

Over the years, we've been happy to see Google launch and then continue to expand its "Transparency Report," highlighting both government and private attempts to censor content or get information on users. Given how successful that's been, Twitter and Microsoft have joined in as well, with similar transparency reports.

In fact, there's been an ongoing argument between these tech companies and the DOJ, seeking permission to be able to include more data concerning FISA court orders to their transparency reports in order to be more transparent and complete -- something we'd hope the government should want, but so far, has been fighting.

The latest entrant is Facebook, who has finally released a transparency report covering government requests for data (so, no info on other types of requests, such as copyright takedowns). The report shows that Facebook is certainly rejecting a decent number of requests that it feels are inappropriate. It also shows the data on the US using "ranges" (unlike every other country). So, for the US, they note that there were between 11,000 and 12,000 requests, impacting 20,000 to 21,000 accounts (and they complied with 79% of the requests). The use of ranges is consistent with Google, Twitter and Microsoft's reports, where the government has only allowed such reports to include data on national security letters if there was a range given. This is stupid and petty by the DOJ. Having the exact aggregate number of requests -- which might include other kinds of warrants/subpoenas as well as NSLs or FISC orders -- isn't going to reveal anything dangerous.

What's interesting is that the included FAQ insists that this report "contains every request for user data we received for the first six months of 2013." If that's true then that suggests that Facebook is including FISC orders as well as NSLs. However, other companies, like Google and Microsoft have indicated that they haven't been allowed to include FISC orders, which are often under gag orders.

Oddly, and for no clear reason, Facebook put the "transparency" report behind its registration wall -- meaning that you can't see it if you're not a Facebook member or if you're not logged in. That doesn't seem very transparent, frankly. Perhaps Facebook's legal team is similarly confused about Facebook's own privacy settings, and forgot to set this page to be shareable with "the public." Thankfully, there is a screenshot of the page so you can check it out:

Facebook Privacy

Facebook constantly updates their UI, so how the privacy settings are set changes every couple of months. What's worse, they had a nasty habit of resetting the privacy stuff to the default.

I share things with friends that at worst might be mildly embarrassing if an employer could see them, but that's it. If I don't need a security clearance, then there's no reason for anyone not on my allow list to have access to the data. Sadly, I can't trust that the settings won't get changed without me knowing it.

This is Facebook's big hurdle. People are realizing that Facebook is not inherently private, so they're self censoring. That decreases the value of the website, and turns people to things like snapchat.

Given the importance of user trust to a site like Facebook, I'm surprised by them walling this report off. Then again, it is Facebook....

Bugmenot....

....is a website I use to keep my anonymity when a simple registration is required to do a download or see an image. Porn sites and ROM sites are typically blocked but it is quite functional and all you have to do is provide a user name and password to a website you registered to to allow others to log in on so they don't have to register.

So for this transparency report that requires registration for use, just register once and then provide the user name and password to Bugmenot.

Re: Bugmenot....

A reasonable suggestion but sadly not one that will work in this case. Searching for Facebook on bugmenot gets you the following message:

"SITE BLOCKED
This site has been barred from the bugmenot system."

One workaround is to create a fake account yourself. Use a disposable email account to reply to the automated email, and you can set up a Facebook (or any other) account with fake details without compromising your privacy.

Either way, this doesn't excuse Facebook from locking up a supposed transparency report, especially since their own privacy settings would allow it to be visible by non-users of their site. It's either an oversight, or an attempt to keep track of who's looking at this data.

Re: Re: Bugmenot....

"One workaround is to create a fake account yourself. Use a disposable email account to reply to the automated email, and you can set up a Facebook (or any other) account with fake details without compromising your privacy."

Ah I hadn't known that. Thing is that even as a FaceBook user, I hadn't quite found where to get it. I assumed that the report had to with just registering for getting to the report. One thing is for sure, if the reports are individualized, then I really cannot complain about the idea of logging into FaceBook to get it.

Seems normal

If anything, I would say that the number of requests here are pretty low. Remember, 12,000 requests (where more than 100 million people are members) seems like a low ratio, and appears to be in keeping with normal policing levels. I can imagine that those requests are for everything including missing teens, the obviously stupid drug dealers that post pics on facebook, and so on.

It doesn't seem to be a very big issue. That the transparency is behind a basic login doesn't seem to be a big issue either, considering that the people impacted by these actions would be able to see the report without issue. Your comment on it seems to be whining for the sake of whining, not an actual complaint that means anything.

Re: Seems normal

There is something to be said about transparency and what it entails. Also, since non-members could be seen as potential customers it would stand to reason that wider transparency would have a positive effect given Facebooks past of excruciatingly bad privacy policies (to the point of non-existent) and lack of cooperation with, well, users, policy makers and companies. Since a review-process at least points to some cooperation with users and policy makers it would go a long way to improve reputation.

Never been part of Facebook, sure not been encouraged over the years to join. I promise you that this little tidbit is not going to make me suddenly change my mind. I've heard enough of the privacy nightmares involving Facebook to ensure I will never sign up.

I'm a software engineer at Facebook. Requiring login for this page was a simple oversight and should be fixed sometime this evening California time. Sorry for the confusion.
In the meantime, here's a screenshot so you can see it without logging in: http://i.imgur.com/025M2E6.png

This "report" is a farce, a lie, and a fabrication

Facebook has absolutely no idea where its victims' information has gone. It's simply pretending here that it actually can keep track and that it actually has produced a document which accurately reflects reality.

That's not just wrong, it's insanely wrong. Facebook has gone through one massive security breach after another in an unbroken succession that reaches back to its inception. (And those are simply the ones we know about. Every competent security professional knows that for every public-known incident, there are many more that will never surface.) Facebook has also self-inflicted security issues due to its relentless pursuit of its only goal: selling users' privacy for profit. And given Facebook's blindingly obvious lack of internal controls, there is no doubt whatsoever that numerous Facebook employees have helped themselves to as much data as they can exfiltrate.

The pathological liars at Facebook are simply hoping that the clueless, naive and stupid will accept this "report" at face value. It's a cynical stunt calculated to assuage the concerns of anyone dumb enough to fall for it, and it has ABSOLUTELY no connection to reality whatsoever.

So what is "reality" in this case? It appears obvious on inspection that Facebook is knowingly providing a complete feed of all data to the USG, and probably unknowingly providing a significant subset of that to anyone who can exploit the Facebook gaping-security-hole-of-the-month.

After all, why not? Zuckerberg has long since proven that he's willing to sell to anybody with cash-in-hand: why wouldn't he provide a feed to the USG in exchange for money? What possible reason could he have to say "no"?

I mean really, are you guys still using Facebook? I love it! A rich guy from Harvard who has never related to a normal person one day in his life knows what the world wants? Cool! and I believe in the tooth fairy too.
When is a real person from a real garage that has real people hanging out in it going to write a decent program to let me do it socially?
Facebook sucks and after October 1st Google is going to suck. You will locked into your timeline with tons of targeted ads that have been culled from every other site you ever went to. Yuccccchhhhh.